What can you do with that? Redirect the flow of a program wherever you want in memory.

It is a very powerful, and fun, exploitation technique.

Requirements:
- Understand a bit of C and assembly (you have to know what the stack and the registers are).
- Know vaguely what a buffer overflow is.

The goal of this tutorial is to teach you what a stack-based buffer overflow is, using nothing but observation and reasoning in GDB.

Let's analyse this code, compiled with -g -fno-stack-protector (-g keeps the debug symbols GDB needs, -fno-stack-protector disables the stack canary that would otherwise abort the program when the overwrite is detected):

There is a typical buffer overflow in the function vuln(): the size of "arg" is never checked before strcpy copies it. buffer is 50 bytes, so an argument of 50 characters or more (strcpy also copies the terminating NUL) runs past the end of buffer and overwrites whatever sits above it on the stack.
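The page's source listing is not reproduced here, so the following is an added reconstruction of vuln() and main() from what the text describes (a 50-byte buffer, an unchecked strcpy of the argument, "Good Bye!" printed when vuln returns); it is not the tutorial's own main.c and its line numbers do not match the GDB output quoted below. The hardened vuln_checked() and the repeat() helper are additions for comparison, not part of the original program.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 50   /* the tutorial's buffer is 50 bytes */

/* Helper mirroring the tutorial's "10*A" / "100*A" inputs:
 * returns a static string of n copies of c (n is clamped below 256). */
const char *repeat(char c, size_t n)
{
    static char s[256];
    if (n >= sizeof s)
        n = sizeof s - 1;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

/* Reconstruction of the page's vuln(): strcpy() never looks at the length
 * of arg, so 50 characters or more (strcpy also writes the terminating NUL)
 * run past the end of buffer into the saved rbp and the return address. */
void vuln(const char *arg)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, arg);          /* no bound check: the overflow is here */
    printf("%s\n", buffer);
}

/* Hardened counterpart: measure first, refuse what does not fit.
 * Returns 0 when arg was copied, -1 when it was rejected. */
int vuln_checked(const char *arg)
{
    char buffer[BUF_SIZE];
    size_t len = strlen(arg);
    if (len >= BUF_SIZE)          /* leave room for the NUL terminator */
        return -1;
    memcpy(buffer, arg, len + 1);
    printf("%s\n", buffer);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    vuln(argv[1]);                /* 100*A as argv[1] crashes on vuln's ret */
    printf("Good Bye!\n");
    return 0;
}
```

Compile with gcc -g -fno-stack-protector and run it once with ten A's and once with a hundred: the first run prints "Good Bye!", the second dies in vuln's ret. The check in vuln_checked is the whole fix: the length is compared against the buffer before a single byte is written.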

Let's run it with 10*A (normal execution), then with 100*A (crash):

"Segmentation fault" means the process touched memory it is not allowed to access, so the kernel killed it with SIGSEGV. Indeed, the second run never prints "Good Bye!": something went wrong before main could finish.

Let's try to figure out what happened.

We are going to use GDB for that.

At line 16 of main.c, at the end of the function vuln, the program received a SIGSEGV signal.

That means our stack has been corrupted: the return address that ret pops at the end of vuln no longer points anywhere valid, so we cannot leave the function cleanly.

Let's disassemble the function vuln and put a few strategic breakpoints so we can analyse step by step what happened.

Let's put 4 breakpoints:
- At the beginning of the function vuln
- Before the strcpy
- After the strcpy
- At the end of the function vuln (on the ret)

Now let's run the program with an overflowing input (100*A) and watch what happens on the stack:

The first breakpoint is reached: we are at the beginning of the function vuln.

Let's take a look at the top of our stack :

0x004005fe is the address of the instruction right after the call to vuln, i.e. the return address that call pushed on the stack:
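What the breakpoints above let you watch in GDB, the return address sitting on the stack above the buffer and the 100*A copy running over it, can be modelled in a few lines of C. This is an added example, not code from the tutorial: struct frame is an assumed layout (50-byte buffer, then the saved rbp, then the return address, with no padding), RET_AFTER_CALL reuses the 0x4005fe observed on the page, and CALLER_RBP is a placeholder. A real compiler usually rounds the frame up, so the 58-byte offset here is an assumption and the offsets you read in GDB are the ones to trust.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 50

/* Model of vuln()'s frame on x86-64 without a stack protector, ordered from
 * low to high addresses as GDB shows it: the local buffer, the saved rbp
 * pushed by the prologue, then the return address pushed by 'call vuln'.
 * Assumption for this example: no padding between buffer and saved rbp. */
struct frame {
    char     buffer[BUF_SIZE];
    uint64_t saved_rbp;
    uint64_t ret_addr;
} __attribute__((packed));

/* The return address seen in the tutorial: the instruction after the call. */
#define RET_AFTER_CALL 0x4005feULL
#define CALLER_RBP     0x7fffffffe0a0ULL   /* placeholder caller frame pointer */

/* Emulate strcpy(buffer, arg) into a fresh frame. Like strcpy it copies up
 * to and including the first NUL, and nothing stops it at the end of
 * buffer; the copy is only clamped to the model object so that the example
 * itself stays well-defined. */
struct frame overflow_frame(const char *arg)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_rbp = CALLER_RBP;
    f.ret_addr  = RET_AFTER_CALL;
    size_t n = strlen(arg) + 1;
    if (n > sizeof f)
        n = sizeof f;
    memcpy(&f, arg, n);              /* starts at buffer, runs over the rest */
    return f;
}

/* Build "filler up to ret_addr, then target (little-endian)". Returns the
 * payload length, or 0 if out is too small. Caveat that carries over to the
 * real exploit: strcpy stops at the first zero byte, so a target such as
 * 0x4005fe only overwrites the low bytes; that still works because the high
 * bytes of a non-PIE code address are already zero on the stack. */
size_t build_payload(char *out, size_t out_len, uint64_t target)
{
    size_t off = offsetof(struct frame, ret_addr);
    if (out_len < off + sizeof target + 1)
        return 0;
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    out[off + sizeof target] = '\0';
    return off + sizeof target;
}

/* What ret_addr holds after overflowing with the payload built for target. */
uint64_t ret_after_target(uint64_t target)
{
    char payload[128];
    if (build_payload(payload, sizeof payload, target) == 0)
        return 0;
    return overflow_frame(payload).ret_addr;
}

int main(void)
{
    char big[101];
    struct frame f;

    f = overflow_frame("AAAAAAAAAA");                 /* 10*A: frame intact */
    printf("10*A   : rbp=%#llx ret=%#llx\n",
           (unsigned long long)f.saved_rbp, (unsigned long long)f.ret_addr);

    memset(big, 'A', 100);                            /* 100*A: frame smashed */
    big[100] = '\0';
    f = overflow_frame(big);
    printf("100*A  : rbp=%#llx ret=%#llx\n",
           (unsigned long long)f.saved_rbp, (unsigned long long)f.ret_addr);

    printf("crafted: ret=%#llx\n",                    /* chosen return target */
           (unsigned long long)ret_after_target(0xdeadbeefULL));
    return 0;
}
```

With 10*A the saved rbp and the return address are untouched; with 100*A both read 0x4141414141414141, which is exactly the value GDB shows in the frame after the strcpy and the reason ret faults. build_payload is the step that turns the crash into control: replace the eight bytes that land on ret_addr with an address of your choosing, taking the zero-byte limit of strcpy into account.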